Unofficial Nessus Scanner

Tenable's Nessus Scanner is a vulnerability scanner that looks for known vulnerabilities, malware, configuration issues, etc. both through network inspection of hosts and through authenticated analysis of the host itself. For more information about Nessus, please consult the following links:

• Nessus Scanner product page
• Nessus Scanner latest docs

Build files

The github repository for the build files is located here.

Supported tags

Each image is tagged with the major, minor, and patch releases. The most current image is always tagged as "latest". For the current listing of tags, please refer to the tags tab for a current listing.

Usage

docker run -dt \
    -e LINKING_KEY={LINKING_KEY}\
    -e SCANNER_NAME={SCANNER_NAME}\
    --name nessus_scanner\
    stevemcgrath/nessus_scanner:latest

If running from a Kubernetes pod make sure to set tty: true.

Modifications

• /opt/nessus/bin and /opt/nessus/sbin have been added to the system $PATH variable.
• nessus_adduser.exp has been loaded into /usr/bin to facilitate in programmatic user creation when necessary.
• nessus.sh has been loaded into /usr/bin as a wrapper to configure the Nessus daemon before launch.

Environmental Variables

One of the following MUST be set:

• LINKING_KEY (required) - Linking key to use for linking the scanner to Tenable.io
• LICENSE (required) - Activation code (if not a Tenable.io linked scanner)
• SECURITYCENTER (required) - If the scanner is to be SecurityCenter linked, then simply set this variable to Yes instead of setting a LICENSE or LINKING_KEY variable.

The following are OPTIONAL parameters

• SCANNER_NAME (optional) - Override the default behavior of registering with the hostname
• MANAGER_HOST (optional) - Nessus Manager address
• MANAGER_PORT (optional) - Nessus Manager service port
• PROXY_HOST (optional) - Proxy address
• PROXY_PORT (optional) - Proxy service port
• PROXY_USER (optional) - Proxy account username
• PROXY_PASS (optional) - Proxy account password
• PROXY_AGENT (optional) - Proxy agent string
• ADMIN_USER (optional) - Username for admin user creation. If not provided, defaults to admin.
• ADMIN_PASS (optional) - Password for admin user creation. If not provided, a password will be generated.
• NO_ROOT (optional) - Set to Yes when wanting to run Nessus as a non-privileged user. You should only use this environment variable if you know what you are doing and why you are doing it.
• NON_PRIV_USER (optional) - If NO_ROOT is set, you may use this to specify a username that will be created and used. If left unset, the default is nessus.